
     1  // Copyright Istio Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package adsc
    16  
import (
	"crypto/tls"
	"path/filepath"
	"strings"

	"istio.io/istio/pkg/config"
	"istio.io/istio/pkg/config/schema/collections"
	"istio.io/istio/pkg/security"
)
    25  
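// getClientCertFn returns a callback with the signature of
// tls.Config.GetClientCertificate that supplies the ADS client's identity,
// or nil when the Config carries no client credentials at all.
//
// SecretManager takes precedence over CertDir. In both branches the key/cert
// pair is loaded afresh on every invocation of the returned callback, so a
// rotated pair is read the next time the callback fires. The callback ignores
// its requestInfo argument (the server's acceptable CAs and signature
// schemes): the single configured identity is always what gets presented.
func getClientCertFn(cfg *Config) func(requestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error) {
	// The parameter is named cfg rather than config so it does not shadow the
	// imported config package.
	if cfg.SecretManager != nil {
		return func(_ *tls.CertificateRequestInfo) (*tls.Certificate, error) {
			// Ask the SecretManager for the workload key/cert resource and
			// turn the chain + private key it returns into a tls.Certificate.
			key, err := cfg.SecretManager.GenerateSecret(security.WorkloadKeyCertResourceName)
			if err != nil {
				return nil, err
			}
			clientCert, err := tls.X509KeyPair(key.CertificateChain, key.PrivateKey)
			if err != nil {
				return nil, err
			}
			return &clientCert, nil
		}
	}
	if cfg.CertDir != "" {
		return func(_ *tls.CertificateRequestInfo) (*tls.Certificate, error) {
			// filepath.Join instead of string concatenation: a CertDir with
			// or without a trailing separator yields a clean, OS-correct path.
			certFile := filepath.Join(cfg.CertDir, "cert-chain.pem")
			keyFile := filepath.Join(cfg.CertDir, "key.pem")
			clientCert, err := tls.LoadX509KeyPair(certFile, keyFile)
			if err != nil {
				return nil, err
			}
			return &clientCert, nil
		}
	}

	return nil
}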
    53  
// convertTypeURLToMCPGVK parses an xDS type URL of the form
// "group/version/kind" into a config.GroupVersionKind and reports whether
// that GVK is registered in collections.Pilot. A type URL with fewer than
// two "/" separators, or one Pilot does not know, yields the zero GVK and
// false. Everything after the second "/" is taken verbatim as the Kind.
func convertTypeURLToMCPGVK(typeURL string) (config.GroupVersionKind, bool) {
	var none config.GroupVersionKind

	// Split at the first two separators only; the remainder is the Kind.
	group, rest, ok := strings.Cut(typeURL, "/")
	if !ok {
		return none, false
	}
	version, kind, ok := strings.Cut(rest, "/")
	if !ok {
		return none, false
	}

	gvk := config.GroupVersionKind{Group: group, Version: version, Kind: kind}
	if _, known := collections.Pilot.FindByGroupVersionKind(gvk); !known {
		return none, false
	}
	return gvk, true
}